CVE Vulnerabilities

CVE-2014-3559

Published: Aug 06, 2014 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V2
3.5 MODERATE
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V3
Ubuntu

The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VMs disk, which allows remote authenticated users with certain credentials to read portions of the deleted VMs memory and obtain sensitive information via an uninitialized storage volume.

Affected Software

Name Vendor Start Version End Version
Enterprise_virtualization Redhat 3.4 (including) 3.4 (including)
RHEV Manager version 3.4 RedHat org.ovirt.engine-root-0:3.4.0-31 *

References